iam

package

v0.2.0 Latest Latest Go to latest Published: May 14, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/donaldgifford/libtftest

Links

Open Source Insights

Documentation ¶

Overview ¶

Package iam provides post-apply assertions for AWS IAM resources created by Terraform modules under test.

Every assertion in this package gates on libtftest.RequirePro because LocalStack OSS does not implement the IAM resource-level APIs (GetRole, GetRolePolicy, etc.) — they require LocalStack Pro. Pro-only functions carry the `// libtftest:requires pro <reason>` marker for the docgen feature-matrix tool.

All assertions follow the paired-method shape from INV-0001: a context-aware variant ending in Context and a shim that calls the *Context variant with tb.Context().

Import alias convention: callers typically alias this package as iamassert to coexist with the AWS SDK's iam package:

import (
    iamassert "github.com/donaldgifford/libtftest/assert/iam"
    iamsdk   "github.com/aws/aws-sdk-go-v2/service/iam"
)

Index ¶

func RoleExists(tb testing.TB, cfg aws.Config, name string)
func RoleExistsContext(tb testing.TB, ctx context.Context, cfg aws.Config, name string)
func RoleHasInlinePolicy(tb testing.TB, cfg aws.Config, role, policy string)
func RoleHasInlinePolicyContext(tb testing.TB, ctx context.Context, cfg aws.Config, role, policy string)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RoleExists ¶

func RoleExists(tb testing.TB, cfg aws.Config, name string)

RoleExists is a shim that calls RoleExistsContext with tb.Context().

libtftest:requires pro IAM GetRole is not implemented by LocalStack OSS.

func RoleExistsContext ¶

func RoleExistsContext(tb testing.TB, ctx context.Context, cfg aws.Config, name string)

RoleExistsContext asserts that the named IAM role exists.

libtftest:requires pro IAM GetRole is not implemented by LocalStack OSS.

func RoleHasInlinePolicy ¶

func RoleHasInlinePolicy(tb testing.TB, cfg aws.Config, role, policy string)

RoleHasInlinePolicy is a shim that calls RoleHasInlinePolicyContext with tb.Context().

libtftest:requires pro IAM GetRolePolicy is not implemented by LocalStack OSS.

func RoleHasInlinePolicyContext ¶

func RoleHasInlinePolicyContext(tb testing.TB, ctx context.Context, cfg aws.Config, role, policy string)

RoleHasInlinePolicyContext asserts that the named IAM role carries the named inline policy.

libtftest:requires pro IAM GetRolePolicy is not implemented by LocalStack OSS.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL